Zero Day

Home > Other > Zero Day > Page 5
Zero Day Page 5

by Mark Russinovich


  Code generated in such a way looked as childish to the skilled hacker as that child’s colored picture of a tiger. Other bits were repeatedly written, to the point of being counterproductive. One section might create an action, another would stop it; then it would be created again, then stopped again, sometimes in long, pointless strings. An amazing amount of code could be written to produce almost nothing. Useless code lay everywhere, occupying a cyber universe with its clutter.

  Then there were the hackers such as Vladimir. These were artists of the most rare and talented sort. Their code was lean and strong, producing results with the sparest of keystrokes. What they wrote was elegant, masterful.

  The Russian had made his cyber reputation by discovering a vulnerability in Windows XP. He’d posted the details in various chat rooms to claim the credit. Several weeks later, Microsoft confirmed the vulnerability when it released a patch to repair it. Vladimir had responded by posting the details of a second vulnerability. This time it took Microsoft three months to release a patch.

  In standard computer protocol, Vladimir had no business publishing the vulnerabilities. He should have given the information directly to the company. By taking the approach he had, he’d gained an initial reputation for himself, but he’d also exposed many thousands of Windows XP owners to virus attacks. By posting, he had been able to claim full credit. Had he notified Microsoft, then posted the details only after the security patch was released, he would have been mocked.

  Vladimir’s reputation had grown when he posted the first vulnerability in Windows Vista within hours of its being released. In fact, he’d discovered three vulnerabilities while examining the beta version—but by that time he was losing interest in what he considered the juvenile game of claiming credit for finding weaknesses in the software giant’s programs. It was impossible to produce a complex program to serve so many millions of users and not leave something vulnerable. He’d claimed the one, but had quietly informed Microsoft of the other two.

  Still, Vladimir’s reputation had been made. He’d had no lasting desire to involve himself daily in the cyber-hacker world and had always been a private person, so with the posting of the first Windows Vista vulnerability, he’d withdrawn from regular active exposure in the hacker chat rooms and forums.

  By this time Vladimir had realized he possessed an extraordinary aptitude. It took another two years to turn it into meaningful income. Now his services were much sought after, and he could pick and choose his assignments. He maintained an e-gold account—a digital gold currency created to allow the instant transfer of gold ownership between users—into which his fees were deposited outside Russia. There were over 3 million e-gold accounts and nearly 4 million ounces of gold in storage. But one of the unintended uses of the accounts was to, in essence, allow the laundering of payments.

  For his immediate need, Vladimir decided no help was to be found on the Internet. He returned to the code he was writing and tried again. Still … something eluded him. He went back and rewrote a section, then nodded. He copied the sequence and dropped it into his test computer. It worked.

  Vladimir smiled. Slick. This last was his best. Even he was impressed.

  9

  MANHATTAN, NYC

  IT CENTER

  FISCHERMAN, PLATT & COHEN

  TUESDAY, AUGUST 15

  2:32 A.M.

  As was his habit when working, Jeff set his digital watch to chirp every two hours. When it went off, he would stand from his station, stretch, then take a walk around the offices to exercise his body and clear his head, though a part of him never let go of the problem he was grappling with. He’d drink a Coke or a cup of black coffee, use the restroom, wash his face, then return to his place.

  Respectful of his dedication, Sue didn’t break his concentration with idle chatter or questions about what she was seeing over his shoulder. She took her breaks at different times, always returning with the smell of cigarette smoke about her. He’d sniffed once before realizing it came from her. She’d said, “I know. A disgusting habit. I just have to quit.”

  At one point some hours into the process, Harold disappeared. It could have been the middle of the night or broad daylight. Jeff had no idea. But when Harold returned with food from the all-night diner, Jeff realized how hungry he was. He wolfed down a ham-and-cheese sandwich just as the new framework dropped the unencrypted copy of the code onto his disk. He chewed as he analyzed it.

  So far, he had discovered mostly negatives. The single most troubling development had been an attempt by the virus to replicate itself. In this case, it had failed, but, he realized, in other environments it might well be succeeding. It didn’t affect what he was doing today, though it could mean disaster for thousands of other businesses. But that was in the future. Right now he had to concentrate on what he was getting paid to do. As he finished the food and wiped his hands on a napkin, Jeff mentally groaned at what he saw. Even the decrypted code he’d labored so long to produce was obtuse. The cracker was using tricks that ran in the low-level environment. That meant that this approach was a dead end.

  Jeff didn’t realize that Sue had been gone until she reentered the room. She came up behind him and leaned down at a time when he had his screen filled with the string output. Her proximity reminded him for a moment that she was an attractive woman. But almost as quickly as the sensation came, it vanished. It had happened before when he’d been drawn to a woman. He knew the shutting down of his emotions was related to Cynthia’s death, and the guilt he felt about not having done more to prevent it.

  But nothing would ever change what had happened.

  His BlackBerry rang, snapping him out of his gloom. “Excuse me,” he muttered to Sue, as he answered.

  Sue took the opportunity to examine Jeff much more closely as he listened to his caller. She’d been attracted from the start and, having watched him work, was now even more impressed. Now she could take him in as a man and liked what she saw. She wondered if he mixed business with pleasure. In her experience, most men did, given the chance.

  “I’m in Manhattan too, on a system crash. I’ve never seen anything like it. I’m sorry to hear about the deaths.” Jeff paused. “Sure, sure. That sounds good, Daryl. Maybe I’ll know something by then.” Slipping his BlackBerry back in his pocket, he looked up at Sue. “Sorry about that. A colleague. She’s in town working on something similar.”

  “She’s obviously dedicated. It’s the middle of the night. Could it be the same virus?”

  Jeff considered what Daryl had told him. “It’s possible, except her virus didn’t crash the system. Just caused it to malfunction in a deadly way.”

  “I guess we should be thankful no one’s died even with all the problems we’re having. This could be a lot worse. Any luck? You’ve been at this for some time, and I thought I worked long hours.”

  Jeff grinned. “It’s why I get the big bucks. I may not solve the problem, but they can’t complain about the time I put in.” Jeff’s smile vanished. “What I’ve found so far isn’t making much sense.”

  “Any guesses?”

  “Unfortunately, a few.” Leaning back in his chair, Jeff folded his arms across his chest. “So far, whatever you contracted isn’t a known variant of a virus. It doesn’t look very sophisticated, since it killed itself, and in probability is a cut-and-paste job at its core. But it was plenty destructive. It wanted to replicate, which is bad news for other computers. It’s also encrypted and deeply embedded, which is making my job very tough. From how some of the code is written, I can speculate that the author may be Russian. If true, that’s not reassuring at all. The Russian Mafia is heavily involved in financial fraud through malware.”

  Jeff stopped and thought about the implications of what he’d just said. In recent years the Russian Mafia had hired the best software engineers in the former Soviet Union to create new viruses and unleashed them on the cyber world. They were making hundreds of millions a year, and the more they made, the more aggressive and cr
eative they’d become.

  “I’m surprised the virus has been so hard to find,” Sue said, focusing his thoughts.

  “They usually aren’t,” Jeff agreed. “Typically, I spend most of my time recovering information and rebuilding systems. But lately I’ve been seeing more and more of this kind of thing. A cracker gets into your system to do damage, not to steal information. Not long ago a guy was caught who hired a cracker to shut down the Web sites of his major competitors. These were Internet businesses; as long as he got away with it, everyone’s customers went to him.”

  “That’s terrible!” Sue knew the Internet was used for scams, but she’d never before heard such a story. To her, the Internet should be benign, a resource to make life better, not a destructive force.

  Jeff knew what Sue was feeling. He often felt the same way. “I hate to say it, but that’s only one of hundreds of ways to profit from cybercrime. In the good old days, hackers were geeks out to make a name for themselves. Now they can earn money, sometimes big money, with the same skills and malicious intentions. There are even Web sites where you can download malware. You graft on something you’ve cooked up yourself, and you’re off and running. One guy got into a bank’s system and had a tenth of a penny—that’s all, just a tenth of a penny—taken from every transaction over one hundred dollars and wired into an offshore account. The bank’s computer was programmed to round pennies up, so it kept covering the shortage.”

  “What’s a tenth of a penny?”

  “I have no idea.” Jeff shrugged. “I guess they break currency down as far as they can. He could have asked for a twentieth, or a hundredth.”

  “What happened?”

  “Within four months he’d made over six hundred thousand dollars. Even then the bank’s computer kept covering for him. I don’t know how long it would have gone on if he hadn’t made the mistake of not deleting all bank-employee accounts from his scam. See, these people knew the system, and a lot of them balanced their checkbooks to the penny. One of them spotted that the accounting system was skewing and checked the programming. He found the virus, and it didn’t take long to find the crook.” Jeff took a sip of coffee. That hadn’t been his case, but he’d cracked one like it, and it had felt very, very good. In some ways the satisfaction he took from his work was more important than the pay.

  “I’m surprised our security measures didn’t stop this. They were supposed to,” Sue said.

  “All security systems are reactive in nature. That means the virus has a head start in infecting computers before it’s identified and enters the log of the antivirus and firewall programs. There are very sophisticated crooks who have taken to hiring crackers to deliver viruses that steal financial information. Computer security has become much more difficult now that there’s a great deal of money to be made. Russian crackers looted a French bank of more than one million dollars in 2006.”

  Sue shook her head in amazement.

  “Since your firewall and antivirus software didn’t spot whatever it is, it’s something off the charts,” Jeff said, rubbing his forehead, trying to ease his exhaustion away. “Something new, or something very sneaky—perhaps something targeted specifically at you. Any business makes enemies.”

  “I hadn’t considered that.” Sue shifted in her chair and pointed at Jeff’s computer screen.“But you think this is Russian.”

  “I can’t really put my finger on it. I’ve been able to read some of the code, and it’s just got a Russian feel to it.”

  “Maybe somebody copied some Russian code.”

  “Could be, could be. But like I said, the Russians have lots of computer-savvy people, and they lease themselves out to criminal groups.”

  “You think something like that happened to us?”

  “I can’t say at this point. I see sophisticated along with sloppy work. The virus might have been after your data or bank records, but something went wrong because the code was carelessly written.”

  “So you think this is about our financial data?”

  Jeff grinned. “I don’t know. I’m just speculating here. It might also be an attack meant to create the destruction it’s causing, or something gone awry. It’s possible it steals information, sends it out, then destroys itself to cover its tracks. I just don’t know enough yet.”

  Harold was long gone and no one was working in the outside offices. The building was quiet, almost as if it were asleep. “Let’s get some more coffee,” Sue said. In the break room she emptied the coffee machine, rinsed out the pot, filled it with bottled water, opened a container of coffee, and placed it into a new filter. She turned the machine on, then leaned back against the counter to wait. “So you still play video games,” she said with an amused look.

  Jeff smiled. “My secret vice. Actually, it’s all related. At least that’s what I tell myself. I prefer online first-person shooting scenarios. It’s how I deal with stress and it’s something I can do anywhere. I also like brainteasers.”

  “That’s where your work comes in.”

  “Right. I hate to lose. I’ll stick with a virus until I have it figured out, no matter how long it takes.”

  Sue arched an eyebrow. “That must get expensive for the client.”

  He shook his head. “No, there’s a point beyond which it makes no sense to keep billing. After I’ve fixed the problem, though, I’ll take the virus home and work on it there until I’ve got it.” He met her eyes. “How long have you been here?”

  Sue gave him her nonoffice smile. “Just over four years.” Pouring them each a fresh cup of strong coffee, she motioned to Jeff to sit down at the well-used table. Placing his coffee in front of him, she seated herself, took a sip, and sighed with satisfaction before continuing, “I’m from northern California, went to UC Berkeley for computer science. I worked at Microsoft, then took a job in San Francisco before moving here. I’ve worked at Cohen ever since. Until Saturday, it was a good job. Greene’s a pain sometimes, but as long as the system works, he leaves us alone, and Harold has no life away from work. Sadly, that makes two of us. And so you don’t have to ask, my dad’s white and my mom is third-generation San Francisco Chinese. Big scandal in the family. What about you?”

  “I’m from Philly originally. I majored in math, enjoyed computer science, so went to the University of Michigan for my Ph.D.”

  Sue flashed that friendly smile again. “I have to say, Jeff, you certainly don’t look like a computer geek.”

  He laughed. “Genetics, mostly, though I played rugby in college and football in high school.”

  “Then what?”

  “I taught at Carnegie Mellon, but like almost everybody who isn’t a suck-up, it became clear I wouldn’t get tenure. I went to work for the Cyber Security Division at the CIA, in 1998.”

  Sue lit up. “A spook, huh?”

  “Hardly,” Jeff said, eager to discourage any romantic notions about his CIA work. “I worked in a crummy office just like yours, only buried in the basement at Langley. Technically I was head of a three-man team called the Cyberterrorism Unit, but my two assistants were always off doing standard IT work for the division.”

  “What’d they have you doing, or can’t you say?”

  “No, I can talk about my duties, within reason,” Jeff said. “The only danger is I’d bore you to death.”

  “I’m listening.”

  “Trust me, it wasn’t glamorous.” He filled her in on his years at the Company, telling her he’d held no illusions when he was recruited for the position. “Government work is government work. But I figured it couldn’t possibly be worse than academia. I was wrong.”

  Though the threat to the Internet was real enough, at that time it was considered to be largely abstract. The Company budget was allocated primarily to the traditional physical threats. When it came to computers and the Internet, the threat was generally perceived as the possible physical destruction of facilities.

  As their primary mission, Jeff and his truncated team worked on recovering data
from computers seized from suspects and known terrorists. But they were also responsible for tracking the use of the Internet for terrorist activities and for potential threats.

  During the years of his employment, as the Internet grew and spread its tentacles into every aspect of American life and the world community, the potential for a cyber-terrorist attack rose exponentially. The safety of the Internet, and of those computers connected to it, was dependent solely on the security of each individual computer that formed part of the network.

  Jeff had certainly seen the threat. He had reasoned that as more government agencies conducted both external and internal business through the Internet, as more banks came online, as nuclear power plants continued linking to one another, and as the U.S. military came to increasingly rely on the Internet and computers to conduct its operations, his unit would receive greater resources and command more attention. He’d been wrong.

  The irony was that the Internet had originally been developed as a national security system. In the 1960s, the Department of Defense had been concerned about the vulnerability of its mainframe computers—back in the days when all computers were mainframes—and of its increasingly computer-linked communications system. Several well-placed ICBMs, or even one at a critical point, could potentially cripple America’s ability to defend itself. The air force was especially concerned about maintaining real-time control over its nuclear missiles.

  What then emerged was a government-funded system of interconnected computer redundancy. The idea was that even if several computer hubs at key installations were nuked, the system, the actual Internet, would reroute itself around them. In theory, like the multiheaded Hydra of Greek mythology, it would be impossible to defeat. It might be slow, it might electronically hiccup, but the system would function. Jeff wasn’t so sure. The designers had only considered outside threats. They’d never contemplated the ultimate digital universe they’d created, or that the real threat to the Internet might well come from within.

 

‹ Prev